https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27358
--- Comment #19 from Tomás Cohen Arazi <tomasco...@gmail.com> --- Created attachment 123843 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=123843&action=edit Bug 27358: Add a generic way to handle API privileged access attributes deny-list This patch introduces a way for Koha::Object(s)->to_api to filter out attributes that require privileged access. It is done in a way that the 'public' parameter is recursively passed to nested objects in recursive to_api() calls. This way, Koha::Object-based classes can determine how they will render depending on this parameter. For example, for implementing a route for fetching an item looks like: GET /items The controller will look like: my $item = Koha::Items->find( $c->validation->param('item_id') ); return $c->render( status => 200, openapi => $item->to_api ); Implementing an unprivileged (public) route would look like: GET /public/items/:item_id The controller will look like: my $item = Koha::Items->find( $c->validation->param('item_id') ); return $c->render( status => 200, openapi => $item->to_api({ public => 1 }) ); To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/Object*.t => SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour passes the tests) 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvo...@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/